Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly.
As we reported last week, the vulnerability, dubbed SeriousSAM, lets attackers with low-level permissions access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.
Attackers can exploit this vulnerability to obtain hashed passwords stored in the Security Account Manager (SAM) and Registry, and ultimately run arbitrary code with SYSTEM privileges.
The SeriousSAM vulnerability, tracked as CVE-2021-36934, exists in the default configuration of Windows 10 and Windows 11, specifically due to a setting that grants 'read' permissions to the built-in Users group, which includes all local users.
As a result, built-in local users have access to read the SAM files and the Registry, where they can also view the hashes. Once the attacker has 'User' access, they can use a tool such as Mimikatz to gain access to the Registry or SAM, steal the hashes and convert them to passwords. Compromising Domain users that way will give attackers elevated privileges on the network.
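The exposure described above is a file ACL condition, so a defender can check for it directly. The following PowerShell script is an added example, not code from the article or from CalCom: it reads the ACLs of the SAM, SYSTEM and SECURITY hive files under %windir%\System32\config and reports whether the built-in Users group (well-known SID S-1-5-32-545) holds a read-data right on any of them. Hive paths and the SID are standard Windows values; the report format is the example's own.

```powershell
# Added example (not from the article): report whether BUILTIN\Users can read
# the registry hive files that CVE-2021-36934 exposes. Read-only; changes nothing.

$hives = @('SAM', 'SYSTEM', 'SECURITY') | ForEach-Object {
    Join-Path $env:windir "System32\config\$_"
}

# S-1-5-32-545 is the well-known SID for BUILTIN\Users; matching on the SID
# avoids locale-dependent group names.
$usersSid = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-545')

$findings = foreach ($path in $hives) {
    $acl = Get-Acl -Path $path
    # Keep only Allow entries for BUILTIN\Users that include the ReadData right.
    $readAces = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $usersSid -and
        ($_.FileSystemRights -band [System.Security.AccessControl.FileSystemRights]::ReadData)
    }
    [pscustomobject]@{
        Hive         = $path
        UsersCanRead = [bool]$readAces
        Rights       = ($readAces | ForEach-Object { $_.FileSystemRights }) -join ', '
        Inherited    = ($readAces | ForEach-Object { $_.IsInherited }) -join ', '
    }
}

$findings | Format-Table -AutoSize

if ($findings | Where-Object UsersCanRead) {
    Write-Warning 'BUILTIN\Users has read access to one or more registry hive files (CVE-2021-36934 exposure).'
} else {
    Write-Host 'Hive file ACLs do not grant read access to BUILTIN\Users.'
}
```

The script only needs READ_CONTROL on the hive files, so it runs from a standard user session as well as an elevated one, which is useful when you want to confirm what an unprivileged account can actually see. The Inherited column is included because the faulty permission on affected builds arrives through inheritance from the parent directory, which is the detail to note when you later verify a fix.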
Because there is no official patch available yet from Microsoft, the best way to protect your environment from the SeriousSAM vulnerability is to apply hardening measures.
According to Dvir Goren, CTO at CalCom, there are a few optional hardening measures:
When using GPOs for implementation, make sure the following UI Path is Enabled:
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials for network authentication
Although the last recommendation offers a good solution for SeriousSAM, it may negatively affect your production if not properly tested before it is pushed. When this setting is enabled, applications that use scheduled tasks and need to store users' hashes locally will fail.
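To act on the caveat above before pushing the GPO, it helps to know both the current state of the setting and which scheduled tasks would be affected. The following PowerShell script is an added example, not code from the article or from CalCom. It audits the registry value that the "Network access: Do not allow storage of passwords and credentials for network authentication" policy controls (DisableDomainCreds under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, DWORD 1 = Enabled), lists scheduled tasks whose principal logs on with a stored password, and applies the setting locally only when run with -Apply. The -Apply switch and the report layout are the example's own.

```powershell
# Added example (not from the article): audit the registry value behind the
# "Do not allow storage of passwords and credentials" policy, list scheduled
# tasks that depend on stored credentials, and optionally enable the setting.
# Applying the change requires an elevated session.
param([switch]$Apply)

$lsaKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$valName = 'DisableDomainCreds'   # DWORD: 1 = policy Enabled, 0 or absent = Disabled

$current = (Get-ItemProperty -Path $lsaKey -Name $valName -ErrorAction SilentlyContinue).$valName
$state   = if ($null -eq $current) { 'not set (Disabled)' } else { $current }
Write-Host ("{0} is currently: {1}" -f $valName, $state)

# Impact check: tasks whose principal logs on with a stored password are the
# ones that stop running once stored credentials are disallowed.
$atRisk = Get-ScheduledTask | Where-Object { $_.Principal.LogonType -eq 'Password' } |
    Select-Object TaskName, TaskPath, @{ n = 'RunAs'; e = { $_.Principal.UserId } }, State

if ($atRisk) {
    Write-Warning ("{0} scheduled task(s) run with stored credentials; test them before enabling the policy:" -f @($atRisk).Count)
    $atRisk | Format-Table -AutoSize
} else {
    Write-Host 'No scheduled tasks use stored credentials.'
}

if ($Apply) {
    # Local equivalent of enabling the GPO setting; at scale, set it through GPO instead.
    Set-ItemProperty -Path $lsaKey -Name $valName -Value 1 -Type DWord
    Write-Host "$valName set to 1 (policy Enabled)."
}
```

Run it without -Apply first on a representative machine from each role in production; the task list is the concrete input for the impact testing the article calls for. Tasks that show a LogonType of S4U or ServiceAccount do not store a password and are not affected by this setting.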
Mitigating SeriousSAM without risking damage to production
The following are Dvir's tips for mitigating without causing downtime:
These three tasks are complex and require a lot of resources and in-house expertise. Therefore, Dvir's final recommendation is to automate the entire hardening process to save the need to perform stages 1, 2 and 3.
Here is what you will gain from a Hardening Automation Tool:
- Automatically generate the most accurate possible impact analysis report – hardening automation tools 'learn' your production dependencies and report to you the potential impact of each policy rule.
- Automatically enforce your policy on your entire production from a single point of control – using these tools, you won't need to do manual work, such as applying GPOs. You can control and ensure all your machines are hardened.
- Manage your compliance posture and monitor your machines in real time – hardening automation tools will monitor your compliance posture, alert on and remediate any unauthorized changes in configurations, thus preventing configuration drift.
Hardening automation tools will learn the dependencies directly from your network and automatically generate an accurate impact analysis report. A hardening automation tool will also help you orchestrate the implementation and monitoring process.